Re: [regext] FW: New Version Notification for draft-gould-regext-login-security-00.txt

Patrick Mevzek <pm@dotandco.com> Tue, 05 June 2018 13:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/__3s9kGwAdlTf32qQKS21W0X21I>

On Tue, Jun 5, 2018, at 09:26, Pieter Vandepitte wrote:
> I follow the concerns of Patrick,
> 
> I'm not a fan of the [LOGIN-SECURITY] either. Isn't it enough to specify 
> that a server MUST ignore the value of <pw> if the loginSec extension is 
> used?

That could be a solution too, and would work for further versions. 

> I don't know if I overlooked it, but it seems that there's only support 
> for password based login and provisioning. Do you plan to support other 
> things like digest authentication?

I agree that it could be useful, and I forgot about that. It could be a good idea to make something more generic at the same time, to handle other kinds of authentication.

There is already a VeriSign EPP extension for 2-factor auth. I do not find it online anymore, but I implemented it, and it was for namespaces:
http://www.verisign.com/epp/authExt-1.0
http://www.verisign.com/epp/authSession-1.0
but it was more for domain:update operations.

-- 
  Patrick Mevzek